| Rising threat of cyber attacks requires collaborative approach to resilience
AWWA Articles

Rising threat of cyber attacks requires collaborative approach to resilience

Image of cybersecurityResponding to recent high-profile cyber-attacks on U.S. water and wastewater systems and other critical infrastructure, the American Water Works Association (AWWA) commissioned a report that examines approaches for increased cybersecurity oversight and accountability.

Earlier this year, after a water utility in Oldsmar, Fla., was hacked and the Colonial Pipeline was hit with a ransomware attack, the Biden Administration issued an executive order calling for private-public collaboration to improve water sector cybersecurity by increasing supply chain security, improving federal cybersecurity standards, and establishing a cyber safety review board.

To inform a water-sector led approach, AWWA commissioned a report from Dr. Paul Stockton, a prominent cybersecurity expert who previously served as Assistant Secretary of Defense for Homeland Defense and Americas’ Security Affairs.

Stockton’s report explores industry-led regulatory options to support water sector cyber resilience, including the option of creating industry-wide cyber standards with oversight from a federal body, similar to what exists within the energy sector.

Pat Kerr“AWWA recognizes that actions necessary to mitigate cyber risks to drinking water and wastewater systems require a collaborative partnership between owner/operators and federal, state and local partners,” said Pat Kerr (pictured right), chair of AWWA’s Water Utility Council.

“Because the sector collectively deals with a complex set of information systems and hardware that operates around-the-clock to ensure public health and safety, there is an opportunity and need to improve cybersecurity across the sector,” Kerr added. “Taking no action is not acceptable.”

Stockton’s report analyzes how the water sector might create a sector-led process to develop mandatory, enforceable standards. This would be achieved through collaboration with the U.S. Environmental Protection Agency. 

In the coming months, AWWA plans to lead discussions among leadership and volunteers to strengthen the water sector’s cybersecurity resilience.
“The cybersecurity needs within the water sector are up and down the spectrum of complexity, utility size is not a proxy for maturity or capability, nevertheless it is clear that together we must advance a sector-wide approach for resilience to cyberthreats,” said Kevin Morley, AWWA’s federal relations manager. “The cyber threat landscape is dynamic, and we need to establish a consistent foundation for managing the risk to water sector assets.”